- Overview
- Requirements
- Recommended: Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 1: Configuring the OCI-compliant registry for offline installations
- Step 2: Configuring the external objectstore
- Step 3: Configuring High Availability Add-on
- Step 4: Configuring Microsoft SQL Server
- Step 5: Configuring the load balancer
- Step 6: Configuring the DNS
- Step 7: Configuring the disks
- Step 8: Configuring kernel and OS level settings
- Step 9: Configuring the node ports
- Step 10: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Cluster_config.json Sample
- General configuration
- Profile configuration
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- ArgoCD configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- AI Center-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- Adding a dedicated agent node with GPU support
- Adding a dedicated agent Node for Task Mining
- Connecting Task Mining application
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating objectstore from persistent volume to raw disks
- Migrating from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Monitoring and alerting
- Migration and upgrade
- Migrating between Automation Suite clusters
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Applying a patch
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to check the TLS version
- Unable to run an offline installation on RHEL 8.4 OS
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Prerequisite check for selinux iscsid module fails
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Volume unable to mount due to not being ready for workloads
- Support bundle log collection failure
- Single-node upgrade fails at the fabric stage
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Volume unable to mount and remains in attach/detach loop state
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Unhealthy Insights component causes the migration to fail
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Docker registry migration stuck in PVC deletion stage
- AI Center provisioning failure after upgrading to 2023.10 or later
- Upgrade fails in offline environments
- SQL validation fails during upgrade
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- MongoDB pods in CrashLoopBackOff or pending PVC provisioning after deletion
- Pods stuck in Init:0/X
- Missing Ceph-rook metrics from monitoring dashboards
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- After Disaster Recovery Dapr is not working properly for Process Mining and Task Mining
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
Configuring the OCI-compliant registry for offline installations
In offline installations, you need a registry compliant with OCI (Open Container Initiative) to store the container images and deployment Helm charts. If you perform an online installation, skip this step.
/opt/UiPathAutomationSuite/latest/installer.
You must choose one of the following options to set up the OCI-compliant registry:
-
Recommended. Bring your own registry. For details, see Uploading the Automation Suite artifacts to the external OCI-compliant registry on this page.
-
If you do not have a registry, you can temporarily install an OCI-compliant registry on one of the server machines. For details, see Configuring the temporary Docker registry on this page.
There are two ways to upload the Automation Suite artifacts to the external OCI-compliant registry:
- Option A: By mirroring your OCI-compliant registry with the UiPath® registry;
- Option B: By hydrating your OCI-compliant registry with the offline bundle.
The following table compares the two options to upload the artifacts to the registry so that you can choose the one that suits your needs:
|
Option A: Mirroring the registry |
Option B: Hydrating the registry |
|---|---|
|
Copies the artifacts from the UiPath® registry to any target registry. |
Uses the offline tarball to untar and upload the artifacts to the target registry. |
|
Requires Docker and Helm tools. |
Requires Podman and Helm tools. |
|
Requires internet access to copy the artifacts from the UiPath® registry to the target registry. |
Requires internet access only to download the offline tarball to the jump server. Uploading the tarball does not require internet access. |
|
Requires a temporary space to cache the images during the copying method. This space is usually configured during the Docker
installation. The default location is
/var/lib/docker.
|
Requires a temporary space to extract the tarball and a temporary space for Podman to load the images. The location of the tarball extraction must be provided during the hydration step. The Podman location can be
/var/tmp, which must have adequate storage available.
|
|
The required storage capacity for the
/var/lib/docker directory is around 128 GiB.
|
The required storage capacity for the extraction is around 200 GiB, and
/var/tmp must be 256 GiB.
|
This method requires internet access on the jump machine from which you upload the Automation Suite artifacts onto your OCI-compliant registry.
Prerequisites for mirroring the UiPath® registry
To mirror the UiPath® registry, you need the following:
-
a VM running a Linux distribution (recommended) or a laptop (not recommended);
-
a Docker client authenticated with the private registry;
-
Helm 3.8 or newer authenticated with the private registry;
-
as-images.txt; -
as-helm-charts.txt; -
mirror-registry.sh; -
outbound connectivity to
registry.uipath.com; -
128 GiB of free disk space for Docker under the
/var/lib/dockerpartition on the machine from which you upload the container images and charts.
Installing Docker and Helm
You must have Docker and Helm installed and authenticated on the machine from which you plan to upload the Automation Suite container images and charts to your registry.
-
To download the Docker binaries, see the official documentation.
-
To authenticate the Docker registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
docker login my.registry.io:443 --username "admin" --password "secret"docker login my.registry.io:443 --username "admin" --password "secret" -
To download the Helm binaries, see the official documentation.
-
To authenticate the Helm registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
helm registry login my.registry.io:443 --username "admin" --password "secret"helm registry login my.registry.io:443 --username "admin" --password "secret"
Downloading as-images.txt
as-images.txt, see Downloading installation bundles.
Downloading as-helm-charts.txt
as-helm-charts.txt, see Downloading installation bundles.
Downloading the optional Document Understanding bundles
To download the optional Document Understanding bundles, see Document Understanding documentation.
Downloading mirror-registry.sh
mirror-registry.sh script, see Downloading the installation packages.
Uploading the Automation Suite images to your registry
mirror-registry.sh script requires outbound connectivity to the source (default registry.uipath.com) and target registries.
mirror-registry.sh script does not perform authentication to the registry. It is assumed that you have already authenticated to the registry.
|
Flag |
Environment variable |
Description |
|---|---|---|
|
|
|
Mandatory. Path to the image manifest file. |
|
|
|
Mandatory. Path to the Helm chart manifest file. |
|
|
|
Mandatory. Pass the URL for the target registry. |
|
|
|
Optional. Pass the URL for the source registry; the default is
registry.uipath.com.
|
-
Ensure that you have the necessary permissions to execute the shell script, by running the following command:
chmod +x mirror-registry.shchmod +x mirror-registry.sh -
Upload the Automation Suite images to your registry, by running the following command:
./mirror-registry.sh --target-registry-url my.registry.io:443 --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt./mirror-registry.sh --target-registry-url my.registry.io:443 --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txtNote: For registries, such as Harbor, which require using a project, make sure you append the project name to the target registry URL you include in the command, as shown in the following example:./mirror-registry.sh --target-registry-url my.registry.io:443/myproject --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt./mirror-registry.sh --target-registry-url my.registry.io:443/myproject --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt
This method only requires internet access on the jump machine to download the offline bundle. Once the bundle is available, you can upload to your OCI-compliant registry without an internet connection.
This method may also require additional space on the machine to un-tar and upload to your registry. In addition, this method may take longer than the mirroring approach.
Prerequisites for hydrating the registry
To hydrate the registry, you need the following:
- a VM running a Linux distribution is preferred over running the script on a laptop;
- ability to download and copy or somehow propagate the offline bundle to the VM;
- Helm 3.8 or newer authenticated with the private registry;
- Podman installed, configured, and authenticated with the private registry;
- 150 GiB of free disk space for Podman under
/var/lib/containersfor loading the containers locally before pushing them to the remote registry. You can change the default path by updating the location of the graphRoot path in the output of thepodman infocommand. - Set the
TMP_DIRenvironment variable as described in the official Podman documentation. as.tar.gz
Installing Podman and Helm
You must ensure you have Podman and Helm installed and authenticated on the machine from which you plan to upload the Automation Suite container images and charts to your registry.
- To download the Podman binaries, see the official documentation.
- To authenticate to the Podman registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
podman login my.registry.io:443 --username "admin" --password "secret"podman login my.registry.io:443 --username "admin" --password "secret" - To download the Helm binaries, see the official documentation.
- To authenticate the Helm registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
helm registry login my.registry.io:443 --username "admin" --password "secret"helm registry login my.registry.io:443 --username "admin" --password "secret"
Downloading as.tar.gz
as.tar.gz, see Downloading installation bundles.
Downloading the optional Document Understanding bundles
To download optional Document Understanding bundles, see Document Understanding documentation.
Downloading hydrate-registry.sh
hydrate-registry.sh script, see Downloading the installation packages.
Uploading the Automation Suite images to the registry
hydrate-registry.sh script.
hydrate-registry.sh script does not require outbound connectivity except with the target registries.
hydrate-registry.sh script does not perform authentication to the registry. It is assumed that you have already authenticated to the registry.
|
Flag |
Description |
|---|---|
|
|
Mandatory. Path to the offline bundle. |
|
|
Mandatory. Pass the URL for the target registry. |
|
|
The location to be used to untar the offline bundle. It can be either
/var/lib/containers or a custom location. Ensure you have a minimum of 100 GiB of storage. It is recommended to have 256 GiB of storage.
|
-
Ensure that we have the necessary permissions to execute the shell script, by running the following command:
chmod +x hydrate-registry.shchmod +x hydrate-registry.sh -
Upload the Automation Suite images to your registry by running the following command:
./hydrate-registry.sh --target-registry-url my.registry.io:443 --offline-bundle-path ./as.tar.gz --extract-path /extract/to/path./hydrate-registry.sh --target-registry-url my.registry.io:443 --offline-bundle-path ./as.tar.gz --extract-path /extract/to/path
./hydrate-registry.sh --target-registry-url my.registry.io:443/myproject --offline-bundle-path ./as.tar.gz --extract-path /extract/to/path./hydrate-registry.sh --target-registry-url my.registry.io:443/myproject --offline-bundle-path ./as.tar.gz --extract-path /extract/to/path--extract-path in the
command, as shown in the following
example:./hydrate-registry.sh --target-registry-url my.registry.io:443 --optional-bundle-path ./dusemistructured-2023.10.0.tar.gz --extract-path /tmp./hydrate-registry.sh --target-registry-url my.registry.io:443 --optional-bundle-path ./dusemistructured-2023.10.0.tar.gz --extract-path /tmpTo properly configure your external OCI-compliant registry, you must update the trust store of all the machines on which you plan to install Automation Suite. For instructions on how to perform this step post-installation, see Managing certificates.
To do that, take the following steps:
- Add the CA file to the
/etc/pki/ca-trust/source/anchors/location. - Run
update-ca-trustto update the trust store of the operating system. Once the trust store is updated, the extracted certificate file is merged in/etc/pki/ca-trust/extracted/ca-bundle.trust.crt.
registry_ca_cert parameter in the cluster_config.json file. For details, refer to External OCI-compliant registry configuration.
This step is needed only for offline installations that use an in-cluster registry. You can skip this step if you perform an offline installation that uses an external OCI-compliant registry, or an online installation.
/uipath mount point.
The temporary Docker registry is only required during installation or upgrade. Once the installation or upgrade is successful, the temporary registry is no longer needed and should be uninstalled.
To set up the temporary registry, you need the following:
-
as-fs.tar.gz- to download it, see Downloading the installation packages.
To install the temporary Docker registry on one of the nodes, run the following command:
./bin/uipathctl registry install-temp-registry -i /opt/UiPathAutomationSuite/cluster_config.json./bin/uipathctl registry install-temp-registry -i /opt/UiPathAutomationSuite/cluster_config.json|
Flag |
Description |
|---|---|
|
|
Optional. Accepts the path to the
cluster_config.json. It is only required when changing the default registry port and file path.
|
30070 and uses the /uipath/data/registry file path. You must open port 30070 on the load balancer and the node on which you install the temporary docker registry.
The load balancer backend pool must exclusively target the nodes hosting the temporary docker registry.
cluster_config.json file as shown in the following sample:
{
"infra": {
"tmp_docker_registry": {
"node_port": "<new port number>",
"file_path": "/uipath/data/registry"
}
}
}{
"infra": {
"tmp_docker_registry": {
"node_port": "<new port number>",
"file_path": "/uipath/data/registry"
}
}
}Installing Podman is mandatory prior to hydrating the temporary registry. If you have already validated and installed the required RPM packages, then Podman is automatically installed. Otherwise, it is essential to manually install Podman before proceeding to the configuration of the temporary Docker registry for offline installations.
-
Hydrate the temporary registry with the container images and Helm charts by running the following command:
./configureUiPathAS.sh registry hydrate-temp-registry --offline-bundle /uipath/tmp/as-fs.tar.gz -i cluster_config.json./configureUiPathAS.sh registry hydrate-temp-registry --offline-bundle /uipath/tmp/as-fs.tar.gz -i cluster_config.json - Seed the internal registry from the temporary registry by running the following command. If you apply a patch, take the steps
described in the following note.
./configureUiPathAS.sh registry seed-internal-registry -i cluster_config.json./configureUiPathAS.sh registry seed-internal-registry -i cluster_config.jsonNote:If you apply a patch to an existing Automation Suite version, take the following steps instead. This is not applicable for LTS or CU.
For more details on how to apply an Automation Suite hotfix, see Applying a patch.
-
Download the
andfiles, then take the following steps:-
Change the directory to the installer folder:
cd "${INSTALLER_PATH}"cd "${INSTALLER_PATH}" -
Create a backup of the
docker-image.jsonandhelm-charts.jsonfiles:cp versions/docker-images.json versions/docker-images.json.bak cp versions/helm-charts.json versions/helm-charts.json.bakcp versions/docker-images.json versions/docker-images.json.bak cp versions/helm-charts.json versions/helm-charts.json.bak -
Copy the downloaded
docker-images.jsonandversions.jsonfiles to the installer folder:cp <PATH_OF_PATCH_VERSION_docker-images.json> versions/docker-images.json cp <PATH_OF_PATCH_VERSION_versions.json> versions/helm-charts.jsoncp <PATH_OF_PATCH_VERSION_docker-images.json> versions/docker-images.json cp <PATH_OF_PATCH_VERSION_versions.json> versions/helm-charts.json
-
-
Seed the internal registry from the temporary registry by running the following command:
./configureUiPathAS.sh registry seed-internal-registry -i cluster_config.json./configureUiPathAS.sh registry seed-internal-registry -i cluster_config.json -
Revert the
docker-image.jsonandhelm-charts.jsonto the original files:cp versions/docker-images.json.bak versions/docker-images.json cp versions/helm-charts.json.bak versions/helm-charts.jsoncp versions/docker-images.json.bak versions/docker-images.json cp versions/helm-charts.json.bak versions/helm-charts.json
-
|
Flag |
Description |
|---|---|
|
|
File path containing the location of the
as-fs.tar.gz on your server node.
|
|
|
Optional. Accepts the path to the
cluster_config.json file. It is only required when changing the default Docker registry port and file path.
|
- Uploading the Automation Suite artifacts to the external OCI-compliant registry
- Option A: Mirroring the UiPath® registry to your registry
- Option B: Hydrating the registry with the offline bundle
- Configuring the certificate for the external OCI-compliant registry
- Configuring the temporary Docker registry
- Prerequisites for setting the temporary registry
- Installing the temporary registry
- Hydrating the temporary registry
